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1 This action is in response to the communication filed on 8/20/2008. 

2 DETAILED ACTION 

3 Response to Arguments 

4 Applicants' arguments with respect prior art rejection of claims 1-32 have been 

5 considered but are moot in view of the new ground(s) of rejection, necessitated by the newly 

6 recited claim limitations. 

7 Regarding the applicants' argument with respect to the "brief summary of the invention", 



8 the examiner does not find the argument persuasive. 37 CFR 1 .77(b) states "The specification 

9 should include the following sections in order: ... (7) Brief summary of the invention." As such, 

10 the specification should provide a brief summary of the invention. The applicants argument 

1 1 regarding the MPEP's statement of "when set forth" is not found persuasive. The MPEP states 

12 "such summary should, when set forth, be commensurate with the invention as claimed". In 

13 other words, at the time that it is set forth, the summary should be commensurate with the 

14 invention as claimed. This section does not question the requirement of a brief summary of the 

15 invention, but rather indicates that the summary should reflect the claim language present at the 

16 time when the summary is set forth. As such, the examiner has maintained the objection to the 

17 specification under 37 CFR 1 .77(b), as indicated below. 



1 8 All objections and rejections not set forth below have been withdrawn. 

19 Claims 1-32 have been examined. 

20 Specification 

21 Brief Summary of the Invention : See MPEP § 608.01(d). A brief summary or 

22 general statement of the invention as set forth in 37 CFR 1 .73. The summary is 

23 separate and distinct from the abstract and is directed toward the invention rather 

24 than the disclosure as a whole. The summary may point out the advantages of the 
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1 invention or how it solves problems previously existent in the prior art (and 

2 preferably indicated in the Background of the Invention). In chemical cases it 

3 should point out in general terms the utility of the invention. If possible, the 

4 nature and gist of the invention or the inventive concept should be set forth. 

5 Objects of the invention should be treated briefly and only to the extent that they 

6 contribute to an understanding of the invention. 
7 

8 The specification is objected to for failing to provide a Brief Summary of the Invention as 

9 required by 37 CFR 1.77(b). 

10 Correction is required. See MPEP Section 608.01(d). 

11 

1 2 Claim Rejections - 35 USC §103 

13 The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 

14 obviousness rejections set forth in this Office action: 

15 A patent may not be obtained though the invention is not identically disclosed or 

16 described as set forth in section 102 of this title, if the differences between the subject matter 

17 sought to be patented and the prior art are such that the subject matter as a whole would have 

1 8 been obvious at the time the invention was made to a person having ordinary skill in the art to 

19 which said subject matter pertains. Patentability shall not be negatived by the manner in which 

20 the invention was made. 
21 

22 Claims 1- 7, 9-15, 16-17, 19-22, and 24-32 are rejected under 35 U.S.C. 103(a) as being 

23 unpatentable over Hind et al. (US Patent Number 6,976,163) hereinafter referred to as Hind, and 

24 further in view of TCPA (Technical Overview for EFI). 

25 Regarding claims 1 and 26, Hind disclosed a method of securely configuring a first 

26 machine (See Hind Fig. 10 Element 706) in a pre-operating system environment (See Hind Col. 

27 2 Paragraph 2), the method comprising: detecting a message (See Hind Col. 1 1 Lines 19-31); 

28 determining an operating mode of the machine (See Hind Col. 12 Lines 45-63); receiving a 

29 configuration update (See Hind Col. 18 Lines 52-56); and updating a machine configuration in a 
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1 pre-operating system environment (See Hind Col. 18 Lines 52-56 and Fig. 1 1), but Hind failed to 

2 specifically disclose performing a shared secret key exchange; providing an attestation while the 

3 first machine is operating in the pre-operating system environment for use by a second machine 

4 to determine whether to send a configuration update to the first machine; or receiving the 

5 configuration update when the second machine determines that the attestation is authentic. 

6 However, Hind did disclose decryption at the receiving device using a shared secret (See Hind 

7 Col. 3 Lines 52-59), and did disclose that firmware updates are distributed to the devices based 

8 on an authorization associated with the device, which may be provided, for example, by 

9 identifying a serial number, MAC address license key or other identifier associated with the 

10 device, and then the firmware update may be provided to the device (See Hind Col. 18 Lines 45- 

1 1 56). Hind also fails to disclose how the authorization is performed. 

12 TCP A teaches a method for providing an attestable identity wherein a platform requests 

13 a service of a service provider, the service provider requests a signed trust state from the 

14 platform, the platform signs the trust state using an attestation ID key and returns the signed trust 

15 state to the service provider, which uses a trusted third party to verify the signature and trust state 

16 before providing the service (See TCP A 36-41). 

17 It would have been obvious to the ordinary person skilled in the art at the time of 

1 8 invention to have employed the teachings of TCPA in the firmware updating system of Hind by 

19 providing each device with an attestation key and performing the challenge-response processing 

20 taught by TCPA before providing the firmware update to each device. This would have been 

2 1 obvious because the ordinary person skilled in the art would have been motivated to provide a 
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1 specific means for providing authorization to each device using an identifier of the device, before 

2 providing the firmware, where only a generic disclosure of such had been made by Hind. 

3 It further would have been obvious to one of ordinary skill in the art at the time of 

4 invention to have performed a shared secret key exchange between the firmware distributor and 

5 the updatable device of Hind. This would have been obvious because the ordinary person skilled 

6 in the art would have been motivated to provide both devices with the proper key so that proper 

7 encryption and decryption could occur. 

8 Regarding claims 9, and 29, Hind disclosed a method of securely conveying a 

9 configuration update to a client machine operating in a prc-opcrating system environment, the 

10 method comprising: determining an operating mode of the client machine (See Hind Col. 12 

1 1 Lines 45-63); receiving an attestation (See Hind Col. 18 Lines 45-52); verifying the attestation 

12 (See Hind Col. 18 Lines 45-52); and sending a configuration update to the client machine in a 

13 pre-operating system environment (See Hind Col. 18 Lines 52-56), but Hind failed to 

14 specifically disclose performing a shared secret key exchange; sending a message to the client to 

15 determine whether the client machine supports receiving confirmation updates from a remote 

16 source while the client is operating in the pre-operating system environment. However, Hind did 

17 disclose decryption at the receiving device using a shared secret (See Hind Col. 3 Lines 52-59), 

1 8 and did disclose that firmware updates are distributed to the devices based on an authorization 

19 associated with the device, which may be provided, for example, by identifying a serial number, 

20 MAC address license key or other identifier associated with the device, and then the firmware 

21 update may be provided to the device (See Hind Col. 18 Lines 45-56). Hind also fails to disclose 

22 how the authorization is performed. 
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1 TCPA teaches a method for providing an attestable identity wherein a platform requests a 

2 service of a service provider, the service provider requests a signed trust state from the platform, 

3 the platform signs the trust state using an attestation ID key and returns the signed trust state to 

4 the service provider, which uses a trusted third party to verify the signature and trust state before 

5 providing the service (See TCPA 36-41). 

6 It would have been obvious to the ordinary person skilled in the art at the time of 

7 invention to have employed the teachings of TCPA in the firmware updating system of Hind by 

8 providing each device with an attestation key and performing the challenge-response processing 

9 taught by TCPA before providing the firmware update to each device. This would have been 

10 obvious because the ordinary person skilled in the art would have been motivated to provide a 

1 1 specific means for providing authorization to each device using an identifier of the device, before 

12 providing the firmware, where only a generic disclosure of such had been made by Hind. 

13 It further would have been obvious to one of ordinary skill in the art at the time of 

14 invention to have performed a shared secret key exchange between the firmware distributor and 

15 the updatable device of Hind. This would have been obvious because the ordinary person skilled 

16 in the art would have been motivated to provide both devices with the proper key so that proper 

17 encryption and decryption could occur. 

18 Regarding claim 19, Hind disclosed an apparatus to securely configure a client 

19 machine in a pre-operating system environment, the apparatus comprising: a client machine 

20 comprising: a first messaging module configured to detect messages and send messages (See 

21 Hind Col. 1 1 Lines 19-31); an operating mode (See Hind Col. 12 Lines 45-63); and a 

22 configuration module configured to update the client's configuration in a pre-operating system 
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1 environment (See Hind Col. 18 Lines 52-56); and a server machine comprising: a second 

2 messaging module configured to send messages and receive messages (See Hind Col. 1 1 Lines 

3 19-31); and an update module configured to generate the client configuration update (See Hind 

4 Col. 18 Lines 52-56), but Hind failed to specifically disclose the client machine comprising a 

5 first key exchange module configured to perform a shared secret key exchange, or the server 

6 machine comprising a second key exchange module configured to perform a shared secret key 

7 exchange after an attestation has been verified; a trusted platform module configured to provide 

8 an attestation while the client machine is operating in the pre-operating system environment for 

9 use by a server machine to determine whether to send a client configuration update to the client 

10 machine; that the second messaging module was for use in sending a message to the client 

1 1 machine to determine whether the client machine supports receiving configuration updates from 

12 the server machine while the client machine is operating in the pre-operating system 

13 environment;. However, Hind did disclose decryption at the receiving device using a shared 

14 secret (See Hind Col. 3 Lines 52-59), and did disclose that firmware updates are distributed to 

15 the devices based on an authorization associated with the device, which may be provided, for 

16 example, by identifying a serial number, MAC address license key or other identifier associated 

17 with the device, and then the firmware update may be provided to the device (See Hind Col. 18 

18 Lines 45-56). Hind also fails to disclose how the authorization is performed. 

19 TCPA teaches a method for providing an attestable identity wherein a platform requests a 

20 service of a service provider, the service provider requests a signed trust state from the platform, 

21 the platform signs the trust state using an attestation ID key and returns the signed trust state to 
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1 the service provider, which uses a trusted third party to verify the signature and trust state before 

2 providing the service (See TCPA 36-41). 

3 It would have been obvious to the ordinary person skilled in the art at the time of 

4 invention to have employed the teachings of TCPA in the firmware updating system of Hind by 

5 providing each device with an attestation key and performing the challenge-response processing 

6 taught by TCPA before providing the firmware update to each device. This would have been 

7 obvious because the ordinary person skilled in the art would have been motivated to provide a 

8 specific means for providing authorization to each device using an identifier of the device, before 

9 providing the firmware, where only a generic disclosure of such had been made by Hind. 

1 0 It would have been obvious to one of ordinary skill in the art at the time of invention to 

1 1 have provided the client and server of Hind each with a shared secret key exchange module. 

12 This would have been obvious because the ordinary person skilled in the art would have been 

13 motivated to provide both devices with the proper key so that proper encryption and decryption 

14 could occur. 



15 Regarding claims 2, and 27, Hind and TCPA disclosed that the message is sent from a 

16 second machine (See Hind Col. 1 1 Lines 19-31). 

17 Regarding claims 3, and 20, Hind and TCPA disclosed that the operating mode of the 

18 first machine comprises at least one of an IT-managed machine or a consumer machine (See 

19 Hind Col. 12 Lines 45-63 and Col. 18 Line 59 - Col. 19 Line 3). 

20 Regarding claims 4, 12, and 21, Hind and TCPA disclosed that the attestation comprises 

21 at least one of machine identity information and a pseudo-anonymous authentication (See Hind 

22 Col. 18 Lines 45-52). 
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1 Regarding claim 5, Hind and TCPA disclosed that the pseudo-anonymous authentication 

2 is provided by a trusted platform module (See TCPA Pages 40-41). 

3 Regarding claims 6, and 13, Hind and TCPA disclosed that the machine identity 

4 information comprises at least one of a serial number, a network name, or a cryptographic 

5 representation of hardware registers (See TCPA Pages 40-41). 

6 Regarding claims 7, and 14, Hind and TCPA disclosed that the pseudo-anonymous 

7 authentication comprises an Attestation Identity Key (See TCPA Pages 40-41). 

8 Regarding claim 10, Hind and TCPA disclosed the message is to a client machine (See 

9 Hind Col. 11 Lines 19-31). 

10 Regarding claim 11, Hind and TCPA disclosed that the operating mode of the client 

1 1 machine comprises at least one of an IT-managed device and a personal device (See Hind Col. 

12 12 Lines 45-63 and Col. 18 Line 59 - Col. 19 Line 3). 

13 Regarding claims 15 and 31, Hind and TCPA disclosed that the attestation is verified by a 

1 4 trusted third party (See TCPA Page 41). 

15 Regarding claims 16, 22, 24, and 28, Hind disclosed that the configuration comprises at 

16 least one of a firmware setting, a BIOS setting, or a machine setting (See Hind Col. 18 Lines 45- 

17 52). 

18 Regarding claims 17, 25, and 32, Hind and TCPA did not specifically disclose the 

19 configuration update being encrypted. However, Hind did disclose the update being provided 

20 over a network, and it was well known at the time of invention to encrypt transmissions over a 

2 1 network. Therefore, it would have been obvious to the ordinary person skilled in the art at the 

22 time of invention to have encrypted the configuration update of Hind. This would have been 
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1 obvious because the ordinary person skilled in the art would have been motivated to protect the 

2 update from being intercepted by an illicit party. 

3 Regarding claim 30, Hind and TCPA disclosed instructions stored thereon that, when 

4 executed, cause the first machine to send the message via a network connection (See Hind Fig. 

5 10). 

6 Claims 8, 18, and 23 are rejected under 35 U.S.C. 103(a) as being unpatentable over Hind 

7 and TCPA as applied to claiml, 9, and 19 above, and further in view of Girard (US Patent 

8 Number 7,093,124). 

9 Hind and TCPA disclosed updating BIOS and Firmware in a computer, but failed to 

10 specifically disclose that updating is adapted to operate in an OS-transparent operating mode 

1 1 with networking support. 

12 Girard teaches a system for updating BIOS and system configurations remotely, and 

13 teaches that the use of an agent running in the BIOS, prior to loading the operating system, to 

14 perform authentication of a new boot image and to perform the required configuration, provides 

15 tamper resistance (See Girard Col. 1 Lines 20-47). 

16 It would have been obvious to the ordinary person skilled in the art at the time of 



17 invention to employ the teachings of Girard in the firmware updating system of Hind and TCPA 

18 by performing the downloading, authentication, and configuration of Hind using an agent within 

19 the BIOS which is run prior to loading of the operating system. This would have been obvious 

20 because the ordinary person skilled in the art would have been motivated to provide the updating 

2 1 with tamper resistance. 
22 
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1 Conclusion 

2 Claims 1-32 have been rejected. 

3 The prior art made of record and not relied upon is considered pertinent to applicant's 

4 disclosure. 

5 Applicant's amendment necessitated the new ground(s) of rejection presented in this 

6 Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 

7 Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

8 A shortened statutory period for reply to this final action is set to expire THREE 



9 MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 

10 MONTHS of the mailing date of this final action and the advisory action is not mailed until after 

1 1 the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 

12 will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 

13 CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 

14 however, will the statutory period for reply expire later than SIX MONTHS from the date of this 

15 final action. 



16 Any inquiry concerning this communication or earlier communications from the 

17 examiner should be directed to MATTHEW T. HENNING whose telephone number is 

18 (571)272-3790. The examiner can normally be reached on M-F 8-4. 

19 If attempts to reach the examiner by telephone are unsuccessful, the examiner's 

20 supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 

21 organization where this application or proceeding is assigned is 571-273-8300. 
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1 Information regarding the status of an application may be obtained from the Patent 

2 Application Information Retrieval (PAIR) system. Status information for published applications 

3 may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

4 applications is available through Private PAIR only. For more information about the PAIR 

5 system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

6 system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 

7 like assistance from a USPTO Customer Service Representative or access to the automated 

8 information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
9 

10 
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13 
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